The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Rotating Your AWS Secrets Manager Secrets

You can configure AWS Secrets Manager to automatically rotate the secret for a secured service or database. Secrets Manager already natively knows how to rotate secrets for supported Amazon RDS databases. However, Secrets Manager also can enable you to rotate secrets for other databases or third-party services. Because each service or database can have a unique way of configuring its secrets, Secrets Manager uses a Lambda function that you can customize to work with whatever database or service that you choose. You customize the Lambda function to implement the service-specific details of how to rotate a secret.

When you enable rotation for a secret by using the Credentials for RDS database, Credentials for Redshift cluster, or Credentials for DocumentDB database secret type, Secrets Manager provides a Lambda rotation function for you and populates the function's Amazon Resource Name (ARN) in the secret automatically. You typically don't need to do anything for this to work other than to provide a few details. For example, you specify which secret has permissions to rotate the credentials, and how often you want to rotate the secret.

When you enable rotation for a secret with Credentials for other database or some Other type of secret, you must provide the code for the Lambda function. The code includes the commands that are required to interact with your secured service to update or add credentials.

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »